One of the most popular Russian-language cybercrime forums has announced that it will ban all topics related to ransomware to avoid unwanted attention. XSS (previously known as DaMaGeLaB) is a Russian clearnet and darknet forum on which users can post and reply to discussion threads. It hosts discussion topics including hacking, programming and technology, as well as a marketplace section in which users can make direct sales of mostly digital products.
DaMaGeLaB was one of the first Russian-speaking forums relating to the darknet, dating back to at least 2013. Following the arrest of one of its administrators in 2017, the site rebranded as xss.is and relaunched in September 2018.
In a post on the forum, the site’s administrator expressed their opinion about ransomware and stated that, from now on, all threads pertaining to "Ransomware affiliate programs", "Ransomware rental", and the "Sale of lockers (ransomware software)" will be prohibited on the forum and all existing topics will be deleted.
“The main purpose of the DaMaGeLaB forum is knowledge. We are a technical forum, we learn, we study, we share knowledge, we write interesting articles. The purpose of ransomware is just financial gain. The goals do not match. Of course, everyone needs money, but not to the detriment of main aspirations,” the forum admin wrote.
“Newbies see news in the media, see some crazy virtual millions of dollars that they will never get. They don’t want anything, they don’t learn anything, they don’t code anything, they don’t even think, all the essence of being comes down to ‘encrypt – get $’. They just go to GitHub looking for locker source codes and then encrypt everything they see. Since our forum is aimed at beginners, this is important to us.”
“Too much PR. Lockers (ransom) have accumulated a critical mass of nonsense, hype, noise … Moreover, 90% of this madness was created artificially, feeding this hype. Those who make good money on this noise (exchanges, insurance, intermediaries, media, etc.) … The word ransom was equated with a number of unpleasant phenomena - geopolitics, extortion, government hacking. This word has become dangerous and toxic.”
Shortly after this post was published, representatives of the REvil ransomware gang responded that they are leaving XSS and temporarily moving to the Exploit.In forum. Then they plan to go into “private.”
“According to our calculations, this will take about a week,” the gang said.